WS安全性错误:181001尝试通过Apache CXF访问Web服务时

时间:2013-04-08 14:00:20

标签: java web-services cxf

我使用wsdl2java成功生成了Java类。现在我正在尝试构建一个用于访问Web服务的客户端。我正在使用Apache CXF。 在尝试连接时,我收到以下错误:

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WS Security Error : 181001
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:155)
    at $Proxy36.getCustomerOp(Unknown Source)
    at com.ievgen.webservices.TestClient4.main(TestClient4.java:87)
Caused by: org.apache.cxf.binding.soap.SoapFault: WS Security Error : 181001
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:800)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1592)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1490)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1309)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
    ... 2 more

根据我在网上找到的内容,181001错误意味着缺少所需的身份验证块。但是,我已按文档中所述配置了用户名和密码:http://cxf.apache.org/docs/ws-secureconversation.html

这是我的代码:

package com.ievgen.webservices;

import java.io.File;

import javax.net.ssl.*;
import javax.xml.ws.BindingProvider;
import java.net.MalformedURLException;
import java.net.URL;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

import info.app.catalogservices.schemas.customerquery_1.CustomerQueryType;
import info.app.catalogservices.services.csscatalogservicesinterface_1_0.CustomerError;
import info.app.catalogservices.services.csscatalogservicesinterface_1_0.IntfCatalogServicesService;
import info.app.catalogservices.services.csscatalogservicesinterface_1_0.PortType;

public class TestClient4 {

    /**
     * @param args
     * @throws MalformedURLException
     */
    public static void main(String[] args) throws MalformedURLException {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }
        } };

        // TODO Auto-generated method stub
        File wsdlFile = new File("WebContent/CatalogServices-1.1.0.wsdl");
        URL wsdlUrl = null;
        if (wsdlFile.exists()) {
            wsdlUrl = wsdlFile.toURL();
        } else {
            System.out.println("File doesn't exist");
        }

        System.out.println("WSDL url: " + wsdlUrl);
        IntfCatalogServicesService service = new IntfCatalogServicesService(
                wsdlUrl);
        PortType portType = service.getPortTypeEndpoint();

        // This will configure the http conduit dynamically
        Client client = ClientProxy.getClient(portType);

        client.getRequestContext().put("ws-security.username", "username");
        client.getRequestContext().put("ws-security.password", "password");

        HTTPConduit http = (HTTPConduit) client.getConduit();

        TLSClientParameters tlsParams = new TLSClientParameters();
        // set trust manager which trusts to all certificates
        tlsParams.setTrustManagers(trustAllCerts);
        // The certificate provides another CN that it really is, so disable
        // CNcheck
        tlsParams.setDisableCNCheck(true);

        http.setTlsClientParameters(tlsParams);

        String resp;
        CustomerQueryType customerQuery = new CustomerQueryType();
        customerQuery.setCustomer("0056712120");
        java.util.Map<String,Object> requestContext = ((BindingProvider) portType)
                .getRequestContext();
            //I set username/password twice because I am not sure where to do it better
            //I have found different directions in different sources
        requestContext.put("ws-security.username", "username");
        requestContext.put("ws-security.password", "password");
        requestContext
                .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
                        "https://host:port/Services/intfCatalogServices-service.serviceagent/portTypeEndpoint");

        try {
            resp = portType.getCustomerOp(customerQuery).toString();
            System.out.println(resp);
        } catch (CustomerError e) {
            e.printStackTrace();
        }
    }

}

注意:我可以使用SOAP UI访问Web服务。

你能告诉我我在这里失踪了吗?

编辑: 这里:http://cxf.apache.org/docs/ws-secureconversation.html据说设置“ws-security.username.sct:”是必要的。另一方面,这里:http://cxf.apache.org/docs/ws-securitypolicy.html据说设置“ws-security.username”。我尝试了两种变体,但它们都不适合我。

1 个答案:

答案 0 :(得分:1)

您使用的WSDL中是否有一个描述安全要求的WS-Policy片段?如果没有,则不会应用WS-SecurityPolicy属性,因为有效的策略不提及与安全性相关的任何内容。

如果没有任何与安全相关的策略,则需要手动配置WSS4J拦截器。见http://cxf.apache.org/docs/ws-security.html